[Pkg-mozext-maintainers] Bug#741261: Bug#741261: enigmail: fails to recognize private keys for different accounts, asks for all private keys passphrases

Dimitris dimitris at stinpriza.org
Tue Mar 11 15:37:25 UTC 2014


hey, and thanks for all the info.

indeed it only happens in decrypting. and yes, i also use 'throw-keyids'
in gpg.conf. while testing by emailing myself:
:pubkey enc packet: version 3, algo 1, keyid 0000000000000000
like you said... removing that option, works as expected on decrypting..
:pubkey enc packet: version 3, algo 1, keyid $THE-RIGHT-KEY
and the passphrase is asked correctly on decrypting, only for that key.

others had similar effects in tb, i guess we all just copied the
throw-keyids tip from somewhere :-)

anyway, i guess you can close this one, it is a matter of settings in
~/.gnupg/gpg.conf and not a real bug..

thanks,
d.

On 03/11/2014 03:53 PM, Daniel Kahn Gillmor wrote:
> Control: tags -1 + moreinfo
> 
> hi dpdt1--
> 
> On 03/10/2014 10:28 AM, dpdt1 wrote:
>> i have 7-8 private keys in my gpg keyring, 3 of those just for email accounts.
>> when i decrypt with default key (set in gpg.conf) everything's all right. when i
>> try to decrypt another account, gpg-agent asks for all other private
>> keys/subkeys' passphrases, until it reaches the particular one.. and not
>> asking for that particular one in the first place.. that's really annoying on
>> tb/enigmail since i get 8 pop-ups asking for different passphrases every time...
>> i've set mail accounts to use specific key for those, and see no difference..
>> still asking passphrase for all of them...
> 
> You seem to be asking about decryption specifically, and not signing.  i
> think that makes sense, i'm just double-checking to make sure, since
> there are two operations enigmail is capable of doing with a secret key.
> 
> The choice of which key to use for decrypting any given message is based
> on the PK-ESK OpenPGP packet stored in the message itself:
> 
>  https://tools.ietf.org/html/rfc4880#section-5.1
> 
> Normally, this packet contains the OpenPGP keyID of the target to whom
> the message is encrypted, but some people use a keyID of
> 0x0000000000000000 to hide the target (this is done by enigmail by
> default when Bcc'ing someone on a message, and some people make it
> happen by default by adding "throw-keyids" to ~/.gnupg/gpg.conf, using
> --hidden-recipient arguments, or other gpg options).
> 
> When the keyID is hidden like this, gpg just tries all secret keys.
> Perhaps this is what is happening for you?  You can find out, for any
> given message, by choosing "view source" on any given message, and then
> pasting the source into "gpg --list-packets".  If there is a hidden
> keyid, you'll see:
> 
> :pubkey enc packet: version 3, algo 1, keyid 0000000000000000
> 
> I agree this is super annoying, but i'm not sure that enigmail is the
> place to fix it, or how you would fix it in enigmail as well.  Maybe you
> can ask your correspondents not to hide your keyid when they send you mail?
> 
>> i thought it was a problem with gpg-agent and maybe it is (?), but other apps
>> recognize correctly each key and ask only for that passphrase....
> 
> which other apps?  decrypting what sort of data?
> 
> 	--dkg
> 
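
An added example, not part of the original thread and not gpg or enigmail code: the Python below walks the OpenPGP packet headers described in RFC 4880 and reports the key ID of each version 3 PK-ESK packet, flagging the all-zero ID that "throw-keyids" produces. The function names and the sample bytes are constructed for illustration.

```python
PKESK_TAG = 1          # Public-Key Encrypted Session Key packet (RFC 4880, 5.1)
WILDCARD = bytes(8)    # all-zero key ID: recipient hidden

def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len is None if not a fixed length."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                                   # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                      # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03     # old-format header
    if ltype == 3:
        return tag, pos + 1, None                      # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def pkesk_recipients(buf):
    """Return [(keyid_hex, pubkey_algo, hidden)] for each version 3 PK-ESK packet."""
    found, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        if length is None:          # streamed data packet; PK-ESKs come before it
            break
        body = buf[start:start + length]
        if tag == PKESK_TAG and len(body) >= 10 and body[0] == 3:
            keyid = body[1:9]       # 8-octet key ID follows the version octet
            found.append((keyid.hex().upper(), body[9], keyid == WILDCARD))
        pos = start + length
    return found

# Constructed sample: version 3, key ID, algo 1 (RSA), then a dummy one-octet MPI.
def _pkesk_body(keyid):
    return bytes([3]) + keyid + bytes([1]) + b"\x00\x08\xff"

SAMPLE = (bytes([0x84, 13]) + _pkesk_body(WILDCARD)    # old-format header, hidden
          + bytes([0xC1, 13]) + _pkesk_body(bytes.fromhex("1122334455667788"))
          + bytes([0xD2, 2, 1, 0]))                    # stand-in encrypted data packet

if __name__ == "__main__":
    for keyid, algo, hidden in pkesk_recipients(SAMPLE):
        print(f"keyid {keyid} algo {algo}" + ("  <- hidden recipient" if hidden else ""))
```

The parser expects binary OpenPGP data, so an ASCII-armored message has to be converted first, for example with "gpg --dearmor".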

